A new Government-backed research institute is being set up with the aim of counteracting cyber-attacks and other threats to the vital systems that control the UK’s industry and infrastructure.

The Research Institute into Trustworthy Industrial Control Systems, based at Imperial College in London, will explore potential threats to the infrastructure that controls processes from manufacturing to power generation and the national rail network. It will analyse how cyber-attacks that could shut down these systems can be prevented or counteracted.

The Institute is being funded jointly by the Engineering and Physical Sciences Research Council (EPSRC) and the Cabinet Office via the Centre for the Protection of the National Infrastructure (CPNI). It has a budget of about £2.5m over the coming 3.75 years. It is currently calling for proposals for projects worth £1.6m that will start in October this year.

“Our industrial control systems are vital for running most of the industrial processes that underpin modern society,” says the Institute’s director, Professor Chris Hankin. “From electricity generation to making sure trains run on time, these systems are vital to our everyday lives, but more work needs to be done to determine how vulnerable they are to threats from cyber-attack. Research at Imperial's Institute will focus on working out what the potential dangers are, so that new technologies and procedures can be designed to mitigate them in the future.”

Industrial control systems (ICSs) are often located in remote places or spread over large areas, making them particularly vulnerable to attack. For example, the UK's railways use such systems to control the entire network, from monitoring and controlling train movements, to signalling and emergency services. One of the first challenges for researchers at the new Institute will be to investigate ways to improve the protection of such systems.

Previously, ICSs were developed to operate in isolation, but since the rise of the Internet, they have increasingly been connected to business IT networks, allowing them to be maintained remotely and providing engineers with more information about how they are operating. This, however, makes them more vulnerable to cyber-attacks. The systems also need to operate continuously for months at a time, making it more difficult to install software upgrades or patches regularly to prevent attacks.

Hankin: working out the dangers

Researchers at the Institute will investigate how these systems can be made more robust without affecting their operation. Working alongside Government and industry, the team will also identify how cyber-attacks on a single business or utility could have knock-on effects on groups of businesses downstream, and possibly affecting the UK's infrastructure as a whole. The researchers will also investigate ways that these threats can be avoided by developing better procedures and technologies.

“The National Cyber Security Programme has ensured serious investment through its partnership with academia,” says Francis Maude, Minister for the Cabinet Office with responsibility for the UK Cyber Security Strategy. “This will make certain that the best UK expertise in thought and innovation in the study of cyber-security is properly supported.

“The UK's third academic Research Centre at Imperial College,” he adds, “will further strengthen this capability and reputation in the strategically important area of protecting the industrial control systems that lie behind some of our national infrastructure.”